Google to be Our Web-Based Anti-Virus Protector ? 171
cyberianpan writes "For some time now, searches have displayed 'this site may harm your computer' when Google has tagged a site as containing malware. Now the search engine giant is is further publicizing the level of infection in a paper titled: The Ghost In The Browser. For good reason, too: the company found that nearly 1 in ten sites (or about 450,000) are loaded with malicious software. Google is now promising to identify all web pages on the internet that could be malicious - with its powerful crawling abilities & data centers, the company is in an excellent position to do this. 'As well as characterizing the scale of the problem on the net, the Google study analyzed the main methods by which criminals inject malicious code on to innocent web pages. It found that the code was often contained in those parts of the website not designed or controlled by the website owner, such as banner adverts and widgets. Widgets are small programs that may, for example, display a calendar on a webpage or a web traffic counter. These are often downloaded form third party sites. The rise of web 2.0 and user-generated content gave criminals other channels, or vectors, of attack, it found.'"
aid and comfort to the enemy? (Score:1, Interesting)
Only works through Goolge now... (Score:4, Interesting)
Pros and Cons (Score:5, Interesting)
I surf almost exclusively in Windows, using IE (IE6 + XP Pro on Desktop, IE7 + Vista on laptop) with no protection, and I've not had an issue with malware in years. But most people's browsing habits aren't quite like mine.
One other effect I can see this having, is let's say www.bigcompanyhere.com gets tagged as being potentially harmful. Now Google has done them a favor by alerting them to a security problem, which they can then address, and are likely to do so much quicker to try and minimize damage to their image.
I'm fairly interested to see how this plays out.
Useful, if reliable, but not 100% (Score:4, Interesting)
For example, one of my (very big) corp. customers is still running IE 7...
When I challenged the support guys about this, they said 'that's OK, we detect & block most things at the firewall'...
*sigh*
When I pointed out that:
1. That's bullshit.
2. Lots of their managers travelled, and surfed the net via unsecure methods like hotels using proxy servers, public wifi, they said 'that's OK, they can only access the intranet and internal mail via VPN'.
*double sigh*
So now I advise people not to click on URLs directly, or type them in, but go via Google. It's better than nothing...
Comment removed (Score:3, Interesting)
Re:Wouldn't good sites with bad ads or posts... (Score:3, Interesting)
And the only thing a person who wants to distribute malware neeeds to do is some minimal robots.txt manipulation. The pages with the "bait" content can still be "crawlable" by google while the malware may sit in areas which have been made non-crawlable.
Yet another stupid idea. Almost as stupid as the
Re:aid and comfort to the enemy? (Score:2, Interesting)
So if you install malware on OS X or Linux, it's on Windows?
Not unless you have Wine running, too.
Re:Pros and Cons (Score:3, Interesting)
The next question would be, what are Google's plans/procedure for getting a site recrawled after a problem is corrected? I could see a company being be upset about not having a quick and effective way of getting this flag cleared after fixing the problem. Or, for that matter, a less scrupulous site operator removing the malware, getting cleared, then reintroducing it, and the repeat the cycle on the next crawl when it gets flagged again.
While I think Google would like to just say that such a warning would be reset on the next crawl showing a clean site, most businesses would not be happy about this. This could potentially become an administrative overhead nightmare if not carefully done.
Easy to defeat? (Score:5, Interesting)
This is a good step, but not enough (Score:2, Interesting)
One day people will learn to surf smarter, meanwhile, we will help them becoming smarter.
It already exists somewhat (Score:2, Interesting)
Checks if they are forged sites and so on built right in. I would suspect not long there will be an option check if this is a bad site.
Re:What you suggest is wrong and immoral (Score:3, Interesting)
Really? I won't say that human suffering is good or anything, but I think that's a pretty short-sighted definition. I mean, if I just killed everyone there would be no more suffering.